CVE-2023-34419

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-134879	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro_16iah7h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro_16iah7h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro_16iah7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro_16iah7:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro_16arh7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro_16arh7:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro_16arh7h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro_16arh7h:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:legion_5_15arh7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_15arh7:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:legion_5_15arh7h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_15arh7h:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:legion_5_15iah7h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_15iah7h:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:legion_5_15iah7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_15iah7:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro-16ach6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro-16ach6:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro-16ach6h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro-16ach6h:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:legion_5_pro-16ith6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5_pro-16ith6:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:h:lenovo:legion_5_pro-16ith6h:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_5_pro-16ith6h_firmware:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:h:lenovo:legion_5-15ach6:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_5-15ach6_firmware:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:legion_5-15ach6a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-15ach6a:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:legion_5-15ach6h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-15ach6h:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:legion_5-15ith6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-15ith6:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:legion_5-15ith6h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-15ith6h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:legion_5-17ach6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-17ach6:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:legion_5-17ach6h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_5-17ach6h:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:h:lenovo:legion_5-17ith6:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_5-17ith6_firmware:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:h:lenovo:legion_5-17ith6h:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_5-17ith6h_firmware:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:h:lenovo:legion_7-16arha7:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_7-16arha7_firmware:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:h:lenovo:legion_7-16achg6:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_7-16achg6_firmware:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:h:lenovo:legion_7-16ithg6:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_7-16ithg6_firmware:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:h:lenovo:legion_pro_5_16irx8:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:legion_pro_5_16irx8_firmware:*:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:lenovo:legion_pro_7_16irx8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_pro_7_16irx8:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:lenovo:legion_pro_7_16irx8h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_pro_7_16irx8h:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:lenovo:legion_s7_16arha7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_s7_16arha7:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:lenovo:thinkbook_16p_g3_arh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_16p_g3_arh:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:lenovo:thinkbook_15p_g2_ith_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_15p_g2_ith:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-17 17:15

Updated : 2023-08-24 17:08

NVD link : CVE-2023-34419

Mitre link : CVE-2023-34419

CVE.ORG link : CVE-2023-34419

JSON object : View

Products Affected

lenovo

thinkbook_16p_g3_arh_firmware
legion_5_pro-16ach6
legion_5_15iah7_firmware
legion_5_15iah7
legion_7-16achg6_firmware
legion_5-15ith6_firmware
legion_7-16ithg6
legion_5-15ach6h
legion_5-17ith6h
legion_5-17ith6h_firmware
legion_7-16arha7_firmware
legion_pro_5_16irx8_firmware
legion_5_15iah7h_firmware
legion_5_pro-16ith6h
legion_s7_16arha7
legion_5-17ach6_firmware
legion_5_pro-16ach6h_firmware
legion_7-16achg6
legion_pro_7_16irx8h_firmware
legion_5_pro_16arh7
legion_5-15ach6a
legion_pro_5_16irx8
legion_pro_7_16irx8h
legion_5-15ith6h
legion_s7_16arha7_firmware
thinkbook_15p_g2_ith
legion_5_pro_16arh7_firmware
legion_5-15ach6a_firmware
legion_5_pro_16iah7h_firmware
legion_5_pro-16ach6h
legion_5_pro-16ith6
thinkbook_15p_g2_ith_firmware
legion_5_15iah7h
legion_5-15ach6
legion_5-17ach6h
legion_5_pro-16ach6_firmware
legion_5_pro_16arh7h
legion_5_pro-16ith6_firmware
legion_5-15ith6
legion_5_15arh7
legion_5_pro-16ith6h_firmware
legion_5_pro_16iah7h
legion_5_15arh7_firmware
legion_7-16ithg6_firmware
legion_5_pro_16iah7_firmware
legion_5_pro_16arh7h_firmware
legion_5-17ith6
thinkbook_16p_g3_arh
legion_5-15ach6_firmware
legion_5-17ach6h_firmware
legion_5-15ach6h_firmware
legion_5_15arh7h
legion_5_15arh7h_firmware
legion_7-16arha7
legion_pro_7_16irx8
legion_5_pro_16iah7
legion_5-17ach6
legion_pro_7_16irx8_firmware
legion_5-15ith6h_firmware
legion_5-17ith6_firmware

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

6.7 /10